devtool

CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?

For the first time PVS-Studio provided support for the CWE classification in the 6.21 release. It took place on January 15, 2018. Years have passed since then and we would like to tell you about the improvements related to the support of this classification in the latest analyzer version.

CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?

by Mikhail Gelvih

From the article:

We have been using the CWE classification for PVS-Studio diagnostics for more than three years. Their number increases every year. In 2018, we covered only 94 points on the CWE list. Now it's almost 130. However, this article isn't about the total number of diagnostics. Let's talk about those that are included in the list of the most dangerous diagnostics in 2021. If you want to read the full list, you can get it in the "CWE compliance" section of our documentation.

PVS-Studio for JetBrains CLion: ad astra per aspera

The PVS-Studio analyzer already has plugins for such IDEs from JetBrains as Rider, IntelliJ IDEA and Android Studio. Somehow we missed another IDE - CLion. The time has come to make amends!

PVS-Studio for JetBrains CLion: ad astra per aspera

by Evgeniy Ovsyannikov, Sergey Vasiliev

From the article:

Here's an answer to the question that we are discussing - PVS-Studio and CLion collaboration will let us detect more errors at the writing code stage. CLion highlights the errors on the fly, but at the same time is limited in the analysis capabilities. PVS-Studio doesn't highlight errors immediately, but it can perform deeper analysis. Note that PVS-Studio has an incremental analysis – the mode that checks only the changed files.

Checking a Header-Only C++ Library Collection (awesome-hpp)

Somehow, we've happened to check most of the libraries making up a collection called "Awesome hpp". These are small header-only projects in C++. Hopefully, the information about the bugs we've found will help make the libraries better.

Checking a Header-Only C++ Library Collection (awesome-hpp)

by Andrey Karpov

From the article:

A note for library developers. You can use PVS-Studio to check open-source projects for free. To get a free license to use with your open-source project, please fill in this form.

Getting Started with the PVS-Studio Static Analyzer for C++ Development under Linux

There are different ways to install PVS-Studio under Linux, depending on your distro type. The most convenient and preferred method is to use the repository, since it allows auto-updating the analyzer upon releasing new versions.

Getting Started with the PVS-Studio Static Analyzer for C++ Development under Linux

by Yuri Minaev

From the article:

Besides strace, you can base the analysis on the compile_commands.json (JSON Compilation Database) file. Many build systems have built-in means of exporting compilation commands, or you could use the BEAR utility to do this. Here's the command to launch the analysis in this case: pvs-studio-analyzer analyze –f /path/to/compile_commands.json